Merge pull request #106 from UncoderIO/gis-cortex-add-escape

Add escape to the alter parsing string

Author: saltar-ua

uncoder-core/app/translator/platforms/palo_alto/renders/cortex_xsiam.py

@@ -98,7 +98,7 @@ class CortexXQLQueryRender(PlatformQueryRender):
     mappings: CortexXSIAMMappings = cortex_xsiam_mappings
     is_strict_mapping = True
     raw_log_field_pattern = (
-        '| alter {field} = regextract(to_json_string(action_evtlog_data_fields)->{field}{{}}, ""(.*)"")'
+        '| alter {field} = regextract(to_json_string(action_evtlog_data_fields)->{field}{{}}, "\\"(.*)\\"")'
     )
 
     or_token = "or"